<?php
require_once('mysql_connect.php');
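// Admin gate: only a session flagged as admin may use this page. Everyone else is
// redirected to the login form before any request data is read.
// NOTE(review): assumes the session has already been started by mysql_connect.php — confirm.
// isset() avoids an undefined-index notice for visitors without session state; the
// loose comparison is kept so that both 1 and "1" still count as admin.
if (!isset($_SESSION['admin']) || $_SESSION['admin'] != 1) {
	header("Location:login.php");
	// Stop here: without exit() the rest of the script would still run for non-admins.
	exit();
}

// Section marker; not read again in this file (presumably consumed by top.php — confirm).
$loc = "admin";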

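// Link/unlink handlers for actors and pictures.
// Every id below is placed into the SQL text unquoted, so string escaping would not
// protect it. Each value is forced to an integer before the statement is built, which
// keeps request data from changing the structure of the query.
// NOTE(review): the two delete actions are state-changing GET requests, and no
// anti-CSRF token is visible in this file for any of the three actions. Moving the
// deletes to POST with a per-session token needs matching changes to the links and
// forms further down the page.

// Attach an actor to a movie (posted by the "add actor" form).
if (isset($_POST['addact'], $_POST['actor'], $_POST['id'])) {
	$insertact = sprintf(
		"INSERT INTO actormovie(actorid, movieid) VALUES(%d, %d)",
		intval($_POST['actor']),
		intval($_POST['id'])
	);
	$insertactresult = mysql_query($insertact);
}

// Remove one actor/movie link by its row id.
if (isset($_GET['delact'])) {
	$insertact = "DELETE FROM actormovie WHERE id=" . intval($_GET['delact']);
	$insertactresult = mysql_query($insertact);
}

// Remove one picture row by its id.
// NOTE(review): only the database row is deleted here; nothing in this block touches
// a file under pics/.
if (isset($_GET['delpic'])) {
	$insertact = "DELETE FROM picture WHERE id=" . intval($_GET['delpic']);
	$insertactresult = mysql_query($insertact);
}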


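// Save handler for the movie form: updates the row when an id was posted, otherwise
// inserts a new row and redirects to its edit page.
if (isset($_POST['submit'])) {
	// escape_data() is defined outside this file; presumably it escapes a value for use
	// inside a quoted SQL string — confirm. It is only applied to values that end up
	// between quotes in the statements below.
	$name = escape_data($_POST['name']);
	$description = escape_data($_POST['description']);
	$runningtime = escape_data($_POST['runningtime']);
	$ratingsql = escape_data($_POST['rating']);
	$yearsql = escape_data($_POST['year']);

	// type, genre and id appear in the SQL without quotes, where string escaping gives
	// no protection, so they are forced to integers instead.
	$typeid = (int) $_POST['type'];
	$genreid = (int) $_POST['genre'];

	if (isset($_POST['id']) && strlen($_POST['id']) > 0) {
		$query = "UPDATE movie SET name='{$name}', type={$typeid}, genre={$genreid}, rating='{$ratingsql}', description='{$description}', runningtime='{$runningtime}', year='{$yearsql}' WHERE id=" . (int) $_POST['id'];
		// NOTE(review): die(mysql_error()) prints the raw database error to the browser;
		// logging it and showing a generic message would disclose less.
		$result = mysql_query($query) or die(mysql_error());

	} else {
		$query = "INSERT INTO movie(name, type, genre, rating, description, runningtime, year) VALUES('{$name}', {$typeid}, {$genreid}, '{$ratingsql}', '{$description}', '{$runningtime}', '{$yearsql}')";
		// NOTE(review): the result is not checked, so a failed insert still redirects,
		// using whatever mysql_insert_id() returns.
		$result = mysql_query($query);
		header("Location:addmovie.php?id=" . mysql_insert_id());
		exit();
	}

	// Drop the SQL-escaped copies so they are never echoed into the form; after an
	// update the displayed values are read back from the database further down.
	$name = NULL;
	$description = NULL;
	$runningtime = NULL;

}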
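// Resolve the id of the movie being edited. A posted hidden field is read first and
// an ?id= query parameter overrides it, as before.
// Starting from '' means later strlen($getid) checks never read an undefined variable.
$getid = '';
if (isset($_POST['id'])) {
	$getid = $_POST['id'];
}
if (isset($_GET['id'])) {
	$getid = $_GET['id'];
}

// $getid is later concatenated into SQL and echoed into HTML, so only a plain run of
// digits is accepted. Anything else (including array input) means "no movie selected".
if (!is_string($getid) || preg_match('/\A[0-9]+\z/', $getid) !== 1) {
	$getid = '';
}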

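// Form defaults for the "new movie" case, so the template below never reads an
// undefined variable. On every path that reaches this line these are unset or NULL.
$name = $type = $genre = $rating = $description = $runningtime = $year = null;

// When a movie id is present, load its row and its actor links for the edit view.
if (isset($getid) && strlen($getid) > 0) {
	// The id is used unquoted in both statements, so it is forced to an integer here
	// rather than relying on validation done elsewhere.
	$editquery = "SELECT * FROM movie WHERE id=" . (int) $getid;
	// NOTE(review): die(mysql_error()) prints the raw database error to the browser.
	$editresult = mysql_query($editquery) or die(mysql_error());
	$editrow = mysql_fetch_array($editresult);

	// unescape_data() is defined outside this file; presumably it reverses the storage
	// escaping applied by escape_data() — confirm.
	$name = unescape_data($editrow['name']);
	$type = unescape_data($editrow['type']);
	$genre = unescape_data($editrow['genre']);
	$rating = unescape_data($editrow['rating']);
	$description = unescape_data($editrow['description']);
	$runningtime = unescape_data($editrow['runningtime']);
	$year = unescape_data($editrow['year']);

	// Result set of actor links; iterated by the "Current Actors" section of the template.
	$actorq = "SELECT * FROM actormovie WHERE movieid=" . (int) $getid;
	$actor = mysql_query($actorq);
}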

// Static lookup queries whose result sets fill the <SELECT> boxes in the form below.
// None of them contains request data.
$typequery  = 'SELECT * FROM type';
$genrequery = 'SELECT * FROM genre';
$actorquery = 'SELECT * FROM actor ORDER BY name';

// Run in the same order as before: types, genres, then actors sorted by name.
$typeresult  = mysql_query($typequery);
$genreresult = mysql_query($genrequery);
$actorresult = mysql_query($actorquery);

// Shared page header (its contents are not visible from this file).
include 'top.php';
?>
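<TABLE><TR><TD>

<?php
// Movie add/edit form.
// Every value written into the markup goes through htmlspecialchars() with ENT_QUOTES,
// so quotes or angle brackets in stored or request data cannot close an attribute or
// start a tag.
// NOTE(review): assumes the data is valid in PHP's default_charset; htmlspecialchars()
// returns '' for invalid byte sequences on PHP 5.4+ — confirm the encoding.
// NOTE(review): unescape_data() is defined outside this file; if it already
// HTML-encodes its result, drop the extra htmlspecialchars() to avoid double encoding.
?>
<FORM ACTION="addmovie.php" method="post">
<INPUT TYPE="hidden" name="id" id="id" value="<?php echo htmlspecialchars($getid, ENT_QUOTES);?>">
<BR><FONT FACE="Verdana" size=-1>name: </FONT> <INPUT TYPE="text" name="name" id="name" value="<?php echo htmlspecialchars($name, ENT_QUOTES);?>">
<BR><FONT FACE="Verdana" size=-1>running time: </FONT> <INPUT TYPE="text" name="runningtime" id="runningtime" value="<?php echo htmlspecialchars($runningtime, ENT_QUOTES);?>">
<BR><FONT FACE="Verdana" size=-1>year: </FONT> <INPUT TYPE="text" name="year" id="year" value="<?php echo htmlspecialchars($year, ENT_QUOTES);?>">
<BR><HR width="100%">
<BR><FONT FACE="Verdana" size=-1>description: </FONT><BR><TEXTAREA name="description" id="description" style="width:100%" rows="10"><?php echo htmlspecialchars($description, ENT_QUOTES);?></TEXTAREA>
<BR><HR width="100%">
<BR><FONT FACE="Verdana" size=-1>rating: </FONT><SELECT name="rating" id="rating">
<?php
// Fixed list of ratings; the stored one is pre-selected. The comparison is done on
// strings so a non-string $rating cannot loosely match an option.
foreach (array('no rating', 'XXX', 'nc-17', 'r', 'pg-13', 'pg', 'g') as $ratingoption) {
?>
<OPTION value="<?php echo $ratingoption;?>" <?php if((string) $rating === $ratingoption){echo "SELECTED";}?>><?php echo $ratingoption;?></OPTION>
<?php
}
?>
</SELECT>
<BR><FONT FACE="Verdana" size=-1>type: </FONT><SELECT name="type" id="type">
<?php
// One option per row of the type table; the movie's current type is pre-selected.
while($typerow = mysql_fetch_array($typeresult)){
?>
<OPTION value="<?php echo htmlspecialchars($typerow['id'], ENT_QUOTES);?>" <?php if($typerow['id'] == $type){echo "SELECTED";}?>><?php echo htmlspecialchars(unescape_data($typerow['name']), ENT_QUOTES);?></OPTION>
<?php
}
?>
</SELECT>
<BR><FONT FACE="Verdana" size=-1>genre: </FONT><SELECT name="genre" id="genre">
<?php
// One option per row of the genre table; the movie's current genre is pre-selected.
while($genrerow = mysql_fetch_array($genreresult)){
?>
<OPTION value="<?php echo htmlspecialchars($genrerow['id'], ENT_QUOTES);?>" <?php if($genrerow['id'] == $genre){echo "SELECTED";}?>><?php echo htmlspecialchars(unescape_data($genrerow['name']), ENT_QUOTES);?></OPTION>
<?php
}
?>
</SELECT>
<BR><INPUT TYPE="submit" name="submit" id="submit" value="submit movie">
</FORM>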
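<?php
// Actor management, shown only while editing an existing movie: an "add actor" form
// followed by the list of current actors, each with a delete link.
// Output is HTML-escaped and ids placed in URLs or SQL are forced to integers.
// NOTE(review): assumes the data is valid in PHP's default_charset; htmlspecialchars()
// returns '' for invalid byte sequences on PHP 5.4+ — confirm the encoding.
// NOTE(review): unescape_data() is defined outside this file; if it already
// HTML-encodes its result, drop the extra htmlspecialchars() to avoid double encoding.
if(strlen($getid) > 0){
?>
<BR><HR width="100%">
<BR><FORM ACTION="addmovie.php" method="post">
<BR><BR><FONT FACE="Verdana" size=-1>add actor: </FONT><SELECT name="actor" id="actor">
<?php
	while($actorrow = mysql_fetch_array($actorresult)){
?>
<OPTION value="<?php echo htmlspecialchars($actorrow['id'], ENT_QUOTES);?>"><?php echo htmlspecialchars(unescape_data($actorrow['name']), ENT_QUOTES);?></OPTION>
<?php
	}
	// The hidden input below was missing its closing ">", which made the browser parse
	// the submit button as attributes of the hidden field instead of as a button.
?>
</SELECT><INPUT TYPE="hidden" name="id" id="id" value="<?php echo htmlspecialchars($getid, ENT_QUOTES);?>">
<INPUT TYPE="submit" name="addact" id="addact" value="add actor">
</FORM>
<BR><HR WIDTH="100%">
<BR><FONT FACE="Verdana" size=4>Current Actors</FONT><BR>
<?php
	// $actor is the actormovie result set prepared before the template. Each link row
	// needs one extra query to fetch the actor's name.
	while($actorr = mysql_fetch_array($actor)){
		$actornamequery = "SELECT * FROM actor WHERE id=" . (int) $actorr['actorid'];
		$actornamerrestult = mysql_query($actornamequery);
		$actornamerow = mysql_fetch_array($actornamerrestult);
?>
	<BR><FONT FACE="Verdana" size=-1><?php echo htmlspecialchars(unescape_data($actornamerow['name']), ENT_QUOTES);?> (<A HREF="addmovie.php?delact=<?php echo (int) $actorr['id'];?>&id=<?php echo (int) $getid;?>"><FONT FACE="Verdana" size=-1 color="000000">delete</FONT></A>)</FONT>
<?php
	}
}
?>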
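<?php
// Picture management, shown only while editing an existing movie: each stored picture
// with a delete link, or an "add picture" link when the movie has none.
if(strlen($getid) > 0){
?>
<BR><HR width="100%">
<BR><FONT FACE="Verdana" size=4>Pictures</FONT><BR>
<?php
	// The id is used unquoted in the SQL, so it is forced to an integer here.
	$picturequery = "SELECT * FROM picture WHERE movieid=" . (int) $getid;
	$pictureresult = mysql_query($picturequery);
	$numrows = mysql_num_rows($pictureresult);
	while($picrow = mysql_fetch_array($pictureresult)){
		// The file name is built from stored id and extension and is escaped for the
		// attribute. Ids in the delete link are forced to integers.
?>
<BR><IMG SRC="pics/<?php echo htmlspecialchars($picrow['id'] . "." . $picrow['ext'], ENT_QUOTES);?>" width=120><BR><A HREF="addmovie.php?delpic=<?php echo (int) $picrow['id'];?>&id=<?php echo (int) $getid;?>"><FONT FACE="Verdana" size="-1" color="000000">delete</FONT></A>
<?php
	}
	// The original condition "!$numrows > 0" parsed as "(!$numrows) > 0", which is true
	// exactly when $numrows is falsy. It is written directly here, with the same result.
	if(!$numrows){
?>
<BR><BR><A HREF="picture.php?goid=<?php echo (int) $getid;?>"><FONT FACE="Verdana" size=-1 color=000000>add picture</FONT></A>
<?php
	}
}
?>
</TD></TR></TABLE>
<?php
// Shared page footer (its contents are not visible from this file).
include('bot.php');
?>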